Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c
-
Size
563KB
-
Sample
240521-br8d3sdf53
-
MD5
6d078aa59c6189f23a10bac510c4a120
-
SHA1
5ca07e80d9b641018bc67da416848ffd106f7a5f
-
SHA256
0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c
-
SHA512
fbb81274ae3a19a8937d298bf3f14db1a705d6562464540d744967ba5a476004d1e1dc2b462f94a940d03ae58ce27587a753ea072477eb56372aeb67d289ef54
-
SSDEEP
12288:x6X3bMUem352kyOBCqGjm7PH8t2VHiJba7mydO5Ox9Ew8:Q3bMZozywC/g/8t2Vz7myM5OUw8
Static task
static1
Behavioral task
behavioral1
Sample
0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6391280536:AAESZ3NYNHmB2sa_7hA_g6U5Mw3cJR9yhiI/
Targets
-
-
Target
0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c
-
Size
563KB
-
MD5
6d078aa59c6189f23a10bac510c4a120
-
SHA1
5ca07e80d9b641018bc67da416848ffd106f7a5f
-
SHA256
0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c
-
SHA512
fbb81274ae3a19a8937d298bf3f14db1a705d6562464540d744967ba5a476004d1e1dc2b462f94a940d03ae58ce27587a753ea072477eb56372aeb67d289ef54
-
SSDEEP
12288:x6X3bMUem352kyOBCqGjm7PH8t2VHiJba7mydO5Ox9Ew8:Q3bMZozywC/g/8t2Vz7myM5OUw8
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-